Hi!
I want to restrict a user, upon login, to exactly two commands on an IOS router:
1) show users
2) logout
The user must not have access to any other command in the CLI.
But I cannot figure out how to accomplish this.
(config)# username test privilege 0 password test
(config)# privilege exec level 0 show users not only enables the show users subcommand, but also gives access to the whole set of "show" subcommands. How do I allow exactly one subcommand to be available to a user?
If I issue (config)# privilege exec level 1 show afterwards, level 0 user for some reason loses access to the "show users" subcommand.
I've been banging my head against a wall for days. Is what I want to achieve even possible and if it is, how?